Author Topic: JS:Redirector-MR in my wordpress site (Read 5067 times)

shrmony · « **on:** December 29, 2011, 10:38:25 PM »

ht-p://www.scientiahow.com/
i know that the virus is in the theme i want to know in what file and how to remove this virus

!Donovan · « **Reply #1 on:** December 29, 2011, 10:40:56 PM »

Can you please make the link nonclickable, shrmony?

Change http to hXtp, as it avoids accidental clicks.

shrmony · « **Reply #2 on:** December 29, 2011, 10:42:20 PM »

!Donovan · « **Reply #3 on:** December 29, 2011, 10:51:03 PM »

Sucuri gives us some malicious links it found.

Do you know how to edit the source of your site?

shrmony · « **Reply #4 on:** December 29, 2011, 10:56:30 PM »

Quote from: Donovansrb10 on December 29, 2011, 10:51:03 PM

Sucuri gives us some malicious links it found.

Do you know how to edit the source of your site?

the infect is in the template file so it will be in all links

!Donovan · « **Reply #5 on:** December 29, 2011, 11:01:58 PM »

Alright. Can you edit your template file?

If so, do a search for p,a,c,k,e,r

And remove the code attached.

!Donovan · « **Reply #6 on:** December 29, 2011, 11:09:07 PM »

Quote from: shrmony on December 29, 2011, 10:56:30 PM

the infect is in the template file so it will be in all links

When I view your homepage, I also see this malicious script (not loaded by a secondary file), so remove it from your homepage as well.

shrmony · « **Reply #7 on:** December 29, 2011, 11:49:26 PM »

Quote from: Donovansrb10 on December 29, 2011, 11:09:07 PM

Quote from: shrmony on December 29, 2011, 10:56:30 PM
the infect is in the template file so it will be in all links
When I view your homepage, I also see this malicious script (not loaded by a secondary file), so remove it from your homepage as well.

i deleted the p,a,c,k,e,r script from the footer is there any thing else?

!Donovan · « **Reply #8 on:** December 29, 2011, 11:56:15 PM »

It appears in your 404 javascript

shrmony · « **Reply #9 on:** December 30, 2011, 12:12:13 AM »

Quote from: Donovansrb10 on December 29, 2011, 11:56:15 PM

It appears in your 404 javascript

i have deleted it now from all files i can get
thanks very much
another question
what is this virus used for ?

!Donovan · « **Reply #10 on:** December 30, 2011, 12:22:31 AM »

It's a Dead Edwards virus.

This kind of virus is packed by Dean Edwards packer, which can be found at his site.

This code attempts to load a malicious page from another site.

Pondus · « **Reply #11 on:** December 30, 2011, 12:22:50 AM »

Quote

what is this virus used for ?

as it say...JS:Redirector.....it will send you somwhere else

and that place may have additional malware...

Sucuri info on Dean Edwards packer

http://sucuri.net/new-malware-evalfunctionpacked.html
http://sucuri.net/malware/malware-entry-mwjsdepack

and on wordpress
http://sucuri.net/?s=wordpress

shrmony · « **Reply #12 on:** December 30, 2011, 12:30:51 AM »

really thanks for you all

!Donovan · « **Reply #13 on:** December 30, 2011, 01:40:47 PM »

Your welcome!

Author Topic: JS:Redirector-MR in my wordpress site (Read 5067 times)

shrmony

JS:Redirector-MR in my wordpress site

!Donovan

Re: JS:Redirector-MR in my wordpress site

shrmony

Re: JS:Redirector-MR in my wordpress site

!Donovan

Re: JS:Redirector-MR in my wordpress site

shrmony

Re: JS:Redirector-MR in my wordpress site

!Donovan

Re: JS:Redirector-MR in my wordpress site

!Donovan

Re: JS:Redirector-MR in my wordpress site

shrmony

Re: JS:Redirector-MR in my wordpress site

!Donovan

Re: JS:Redirector-MR in my wordpress site

shrmony

Re: JS:Redirector-MR in my wordpress site

!Donovan

Re: JS:Redirector-MR in my wordpress site

Pondus

Re: JS:Redirector-MR in my wordpress site

shrmony

Re: JS:Redirector-MR in my wordpress site

!Donovan

Re: JS:Redirector-MR in my wordpress site